On 4/30/20 1:19 PM, Chad Hoolie wrote: > Hello, > > I'm using httpd with acme-client and Let's Encrypt > (https://www.romanzolotarev.com/openbsd/acme-client.html). > > This setup, however, only seems to support TLS 1.2, whereas TLS 1.3 is needed > to achieve A+ ratings across the board. > > Anybody know how to make the upgrade? > > --Chad > httpd(8): protocols string Specify the TLS protocols to enable for this server. If not specified, the value "default" will be used (secure protocols; TLSv1.2-only). Refer to the tls_config_parse_protocols(3) function for other valid protocol string values.
tls_config_parse_protocols(3): Valid keywords are tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3, all (all supported protocols), untested, but seems pretty self-explanatory.